Abstract
Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1), 1–22 (2019). https://doi.org/10.1186/s42400-019-0038-7
Einy, S., Oz, C., Navaei, Y.D.: The anomaly- and signature-based IDS for network security using hybrid inference systems. Mathematical Problems in Engineering 2021 (2021)
Torabi, M., Udzir, N.I., Abdullah, M.T., Yaakob, R.: A review on feature selection and ensemble techniques for intrusion detection system. Int. J. Found. Comput. Sci. 12, 1–13 (2021)
Singh, R.R., Gupta, N., Kumar, S.: To reduce the false alarm in intrusion detection systems using self-organizing. Int. J. Soft Comput. Eng. 1(2), 27–32 (2011)
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1–58 (2009)
Rhee, M.Y.: Internet Firewalls for Trusted Security. Wiley (2013)
Sundaramurthy, S.C., Case, J., Truong, T., Zomlot, L., Hoffmann, M.: A tale of three security operation centers. In: Proceedings of the 2014 ACM Workshop on Security Information Workers - SIW 2014, pp. 43–50. ACM Press, New York (2014)
Ghorbani, A.A., Lu, W., Tavallaee, M.: Network Intrusion Detection and Prevention: Concepts and Techniques. Springer, Boston (2010)
Xue, Y., Wang, D., Zhang, L.: Traffic classification: issues and challenges. In: 2013 International Conference on Computing, Networking and Communications (ICNC), pp. 545–549. IEEE (2013)
Guimaraes, M., Murray, M.: Overview of intrusion detection and intrusion prevention. In: InfoSecCD ’08: Proceedings of the 5th Annual Conference on Information Security Curriculum Development. Association for Computing Machinery. Kennesaw Georgia (2008)
Thottan, M., Liu, G., Ji, C.: Anomaly detection approaches for communication networks. In: Cormode, G., Thottan, M. (eds.) Algorithms for Next Generation Networks, pp. 239–261. Springer, London (2010)
Siraj, M., Hashim, M.: Zaiton: network intrusion alert correlation challenges and techniques. Jurnal Teknologi Maklumat. 20, 12–36 (2008)
Om, H., Hazra, T.: Statistical techniques in anomaly intrusion detection system. Int. J. Adv. Eng. Technol. 5, 387–398 (2012)
Bolzoni, D., Etalle, S., Hartel, P.H.: Panacea: automating attack classification for anomaly-based network intrusion detection systems. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 1–20. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04342-0_1
Om, H., Kundu, A.: A hybrid system for reducing the false alarm rate of anomaly intrusion detection system. In: 2012 1st International Conference on Recent Advances in Information Technology (RAIT), pp. 131–136. IEEE (2012)
Spathoulas, G., Katsikas, S.: Methods for post-processing of alerts in intrusion detection. Int. J. Inf. Secur. Sci. 2, 64–80 (2013)
Stiawan, D., Yaseen, A.L.A., Shakhatreh, I., Idris, M.Y., Bakar, K.A.B.U., Abdullah, A.H.: Intrusion prevention system: a survey. J. Theoretical Appl. Inf. Technol. (2011)
Karasek, D.Y., Kim, J., Kemmoe, V.Y., Bhuiyan, M.Z.A., Cho, S., Son, J.: SuperB: superior behavior-based anomaly detection defining authorized users’ traffic patterns. In: International Conference on Computer Communications and Networks, ICCCN. Hawaii, USA (2020)
Bolzoni, D.: Revisiting anomaly-based network intrusion detection systems. University of Twente, Enschede (2009)
García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28, 18–28 (2009)
Acknowledgement
The research leading to these results has received funding from the Research Council (TRC) of the Sultanate of Oman under the Open Research Grant Program. TRC Grant Agreement No [BFP/RGP/ICT/20/377]
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Qassim, Q.S., Jamil, N., Mahdi, M.N. (2021). Symptoms-Based Network Intrusion Detection System. In: Badioze Zaman, H., et al. Advances in Visual Informatics. IVIC 2021. Lecture Notes in Computer Science(), vol 13051. Springer, Cham. https://doi.org/10.1007/978-3-030-90235-3_42
Download citation
DOI: https://doi.org/10.1007/978-3-030-90235-3_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90234-6
Online ISBN: 978-3-030-90235-3
eBook Packages: Computer ScienceComputer Science (R0)